/** * Password recovery routine. The User will receive an email with an * activation link. If clicked, he will be prompted to enter his new * password. */ public function actionRecovery($email = null, $key = null) { $form = new YumPasswordRecoveryForm(); if ($email != null && $key != null) { if ($profile = YumProfile::model()->find('email = :email', array('email' => $email))) { $user = $profile->user; if ($user->status <= 0) { throw new CHttpException(403, 'User is not active'); } else { if ($user->activationKey == urldecode($key)) { $passwordform = new YumUserChangePassword(); if (isset($_POST['YumUserChangePassword'])) { $passwordform->attributes = $_POST['YumUserChangePassword']; if ($passwordform->validate()) { $user->setPassword($passwordform->password); $user->activationKey = CPasswordHelper::hashPassword(microtime() . $passwordform->password, Yum::module()->passwordHashCost); $user->save(); Yum::setFlash('Your new password has been saved.'); if (Yum::module('registration')->loginAfterSuccessfulRecovery) { $login = new YumUserIdentity($user->username, false); $login->authenticate(true); Yii::app()->user->login($login); $this->redirect(Yii::app()->homeUrl); } else { $this->redirect(Yum::module()->loginUrl); } } } $this->render(Yum::module('registration')->changePasswordView, array('form' => $passwordform)); Yii::app()->end(); } else { $form->addError('login_or_email', Yum::t('Invalid recovery key')); Yum::log(Yum::t('Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})', array('{email}' => $email, '{uid}' => $user->id, '{username}' => $user->username))); } } } } else { if (isset($_POST['YumPasswordRecoveryForm'])) { $form->attributes = $_POST['YumPasswordRecoveryForm']; if ($form->validate()) { if ($form->user instanceof YumUser) { if ($form->user->status <= 0) { throw new CHttpException(403, 'User is not active'); } $form->user->generateActivationKey(); $recovery_url = $this->createAbsoluteUrl(Yum::module('registration')->recoveryUrl[0], array('key' => urlencode($form->user->activationKey), 'email' => $form->user->profile->email)); Yum::log(Yum::t('{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array('{email}' => $form->user->profile->email, '{recovery_url}' => $recovery_url, '{username}' => $form->user->username))); $mail = array('from' => Yii::app()->params['adminEmail'], 'to' => $form->user->profile->email, 'subject' => 'You requested a new password', 'body' => strtr('You have requested a new password. Please use this URL to continue: {recovery_url}', array('{recovery_url}' => $recovery_url))); $sent = YumMailer::send($mail); Yum::setFlash('Instructions have been sent to you. Please check your email.'); } else { Yum::log(Yum::t('A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array('{username}' => $form->login_or_email))); } $this->redirect(Yum::module()->loginUrl); } } } $this->render(Yum::module('registration')->recoverPasswordView, array('form' => $form)); }
/** * Password recovery routine. The User will receive an email with an * activation link. If clicked, he will be prompted to enter his new * password. */ public function actionRecovery($email = null, $key = null) { $form = new YumPasswordRecoveryForm; if ($email != null && $key != null) { if($profile = YumProfile::model()->find('email = :email', array( 'email' => $email))) { $user = $profile->user; if($user->activationKey == $key) { $passwordform = new YumUserChangePassword; if (isset($_POST['YumUserChangePassword'])) { $passwordform->attributes = $_POST['YumUserChangePassword']; if ($passwordform->validate()) { $user->password = YumUser::encrypt($passwordform->password); $user->activationKey = YumUser::encrypt(microtime() . $passwordform->password); $user->save(); Yum::setFlash('Your new password has been saved.'); $this->redirect(Yum::module()->loginUrl); } } $this->render( Yum::module('registration')->changePasswordView, array( 'form' => $passwordform)); Yii::app()->end(); } else { $form->addError('login_or_email', Yum::t('Invalid recovery key')); Yum::log(Yum::t( 'Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})', array( '{email}' => $email, '{uid}' => $user->id, '{username}' => $user->username))); } } } else { if (isset($_POST['YumPasswordRecoveryForm'])) { $form->attributes = $_POST['YumPasswordRecoveryForm']; if ($form->validate()) { Yum::setFlash( 'Instructions have been sent to you. Please check your email.'); if($form->user instanceof YumUser) { $form->user->generateActivationKey(); $recovery_url = $this->createAbsoluteUrl( Yum::module('registration')->recoveryUrl[0], array( 'key' => $form->user->activationKey, 'email' => $form->user->profile->email)); Yum::log(Yum::t( '{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array( '{email}' => $form->user->profile->email, '{recovery_url}' => $recovery_url, '{username}' => $form->user->username))); $content = YumTextSettings::model()->find( 'language = :lang', array('lang' => Yii::app()->language)); $sent = null; if (is_object($content)) { $mail = array( 'from' => Yii::app()->params['adminEmail'], 'to' => $form->user->profile->email, 'subject' => $content->subject_email_registration, 'body' => strtr($content->text_email_recovery, array( '{recovery_url}' => $recovery_url)), ); $sent = YumMailer::send($mail); } else { throw new CException(Yum::t('The messages for your application language are not defined.')); } } else Yum::log(Yum::t( 'A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array( '{username}' => $form->login_or_email))); $this->redirect(Yum::module()->loginUrl); } } } $this->render(Yum::module('registration')->recoverPasswordView, array( 'form' => $form)); }